The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Authentication 245

Authentication Passwords Social Engineering Phishing 245

Schneier on Security

JULY 24, 2023

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Internet 241

Internet Internet 241

Tech Republic Security

JULY 24, 2023

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

Network Security 148

Network Security 148

Malwarebytes

JULY 24, 2023

If you want to tighten up your parents' home cybersecurity as much as possible, you've come to the right place. After all, you’re no doubt the family IT person, and first point of contact if trouble arises. Consider a Chromebook. If someone is looking for a new computer system for regular, non-demanding purposes, such as browsing, social media, and email, you can help with recommendations.

Banking 98

Banking Software Wireless Encryption 98

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

JULY 24, 2023

Assurances include watermarking, reporting about capabilities and risks, investing in safeguards to prevent bias and more.

Risk 148

Risk Artificial Intelligence Big data 148

Malwarebytes

JULY 24, 2023

Apple has released security updates for several products to address several serious vulnerabilities including some actively exploited zero-days. Updates are available for these products: Safari 16.6 macOS Big Sur and macOS Monterey iOS 16.6 and iPadOS 16.6 iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later iOS 15.7.8 and iPadOS 15.7.8 iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st gene

Spyware 98

Spyware Engineering Risk Cybersecurity 98

Security Affairs

JULY 24, 2023

Apple released security updates to address an actively exploited zero-day flaw in iOS, iPadOS, macOS, tvOS, watchOS, and Safari. Apple released urgent security updates to address multiple flaws in iOS, iPadOS, macOS, tvOS, watchOS, and Safari, including an actively exploited zero-day. The vulnerability, tracked as CVE-2023-38606, resides in the kernel and can be exploited to modify sensitive kernel state potentially.

Mobile 98

Mobile Hacking Information Security 98

Tech Republic Security

JULY 24, 2023

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

148

148

The Hacker News

JULY 24, 2023

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.

98

98

Tech Republic Security

JULY 24, 2023

While the United Nations hashes out regulations, the UK’s ‘context-based’ approach is intended to spur innovation but may cause uncertainty in the industry.

Government 147

Government Artificial Intelligence Big data 147

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Hacker News

JULY 24, 2023

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

98

98

WIRED Threat Level

JULY 24, 2023

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

Encryption 98

Encryption Hacking 98

Security Affairs

JULY 24, 2023

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH ’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network.

Authentication 98

Authentication Encryption Internet Hacking 98

The Hacker News

JULY 24, 2023

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.

Software 98

Software 98

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

JULY 24, 2023

Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. “On the 5 th and 7 th of April, a threat actor leveraged the NPM platform to upload a couple of packag

Banking 98

Banking Hacking Malware Software 98

Security Boulevard

JULY 24, 2023

As artificial intelligence (AI) captivates the hearts and minds of business and technology executives eager to generate rapid gains from generative AI, security leaders are scrambling. Seemingly overnight, they're being called to assess a whole new set of risks from a technology that is in its infancy. The post AI and the software supply chain: Application security just got a whole lot more complicated appeared first on Security Boulevard.

Artificial Intelligence 98

Artificial Intelligence Software Technology Risk 98

Security Affairs

JULY 24, 2023

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries. The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software. Local authorities launched an investigation into the attack that was reported by the Norwegian Security and Service Organization (DSS) to the National Security Authority (NSM).

Hacking 98

Hacking Government Software Mobile 98

Security Boulevard

JULY 24, 2023

Storm-0558 Breaks: Satya and Pooh, sitting in a tree, K.I.S.S.I.N.G. The post ‘China’ Azure Breach: MUCH Worse Than Microsoft Said appeared first on Security Boulevard.

Social Engineering 98

Social Engineering Authentication Security Awareness Engineering 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Bleeping Computer

JULY 24, 2023

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main.com domains for the Microsoft 365 services. [.

98

98

The Hacker News

JULY 24, 2023

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems. The list of the flaws is below - CVE-2023-22505 (CVSS score: 8.0) - RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.

98

98

Heimadal Security

JULY 24, 2023

Earlier this month, Microsoft and CISA disclosed a security incident and attributed it to the Chinese threat group Storm-0558. The threat actors stole a Microsoft consumer signing key, which was initially thought to have provided them with access to Exchange Online and Outlook.com. However, it seems like the incident has a broader scope than what […] The post Stolen Microsoft Key: The Impact Is Higher Than Expected appeared first on Heimdal Security Blog.

Cybersecurity 98

Cybersecurity 98

Security Boulevard

JULY 24, 2023

Google is rolling out a red team charged with testing the security of AI systems by running simulated but realistic attacks to uncover vulnerabilities or other weaknesses that could be exploited by cybercriminals. The post Google Launches Red Team to Secure AI Systems Against Attacks appeared first on Security Boulevard.

Security Awareness 98

Security Awareness Malware Cybersecurity 98

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Malwarebytes

JULY 24, 2023

The Tampa General Hospital (TGH) has promised to reach out to individuals whose information has been stolen by a ransomware group. In a cybersecurity notice, TGH said it noticed unusual activity on its computer systems on May 31, 2023. “Fortunately, TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.” While that is good news from

Ransomware 98

Ransomware Computers and Electronics Passwords Backups 98

Security Boulevard

JULY 24, 2023

Security flaws in connected devices and the IoT are plaguing the digital landscape, impacting a broad range of industries. The post IoT Connected Devices Pose Significant Risk to Organizations appeared first on Security Boulevard.

IoT 98

IoT Risk Internet Internet 98

The Hacker News

JULY 24, 2023

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week.

Banking 98

Banking Software Cybersecurity 98

Security Boulevard

JULY 24, 2023

Machine learning-based fraud decision engines are sometimes viewed as mysterious black boxes that only provide minimal insight into why a decision was made on a login or a transaction. It’s a valid concern; not all fraud solution providers provide intuitive decision explainability. Some solutions fail to provide any transparency at all on the transactions they […] The post Lost transparency, blackbox ML, and other hidden risks of outsourced fraud solutions appeared first on Sift Blog.

Risk 98

Risk Engineering 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JULY 24, 2023

Google's security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. [.

Encryption 98

Encryption Passwords 98

Security Boulevard

JULY 24, 2023

The average cost to an organization hit with a data breach reached a record high this year, though those companies are split on who they believe should foot the bill, according to a report released today by IBM. The post IBM: Cost of a Data Breach Hits Another High appeared first on Security Boulevard.

Data breaches 98

Data breaches Ransomware 98

Digital Guardian

JULY 24, 2023

Considering DLP? In this blog, we look at a handful of factors to consider when selecting a solution.

98

98

Security Boulevard

JULY 24, 2023

Ransomware impacts more than seven in ten companies worldwide, and understanding how ransomware spreads is critical to finding solutions to stop it Ransomware is malicious software threat actors use to infiltrate a network. Cybercriminals design ransomware to block access to a computer system or encrypt data they find in an architecture they have infiltrated and.

Ransomware 98

Ransomware Architecture Encryption Software 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!